CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20407 – IBM Security Verify Information Queue information disclosure
https://notcve.org/view.php?id=CVE-2021-20407
IBM Security Verify Information Queue 1.0.6 and 1.0.7 discloses sensitive information in source code that could be used in further attacks against the system. IBM X-Force ID: 196185. IBM Security Verify Information Queue versiones 1.0.6 y 1.0.7, revela información confidencial en el código fuente que podría ser usada en futuros ataques contra el sistema. IBM X-Force ID: 198185 • https://exchange.xforce.ibmcloud.com/vulnerabilities/196185 https://www.ibm.com/support/pages/node/6414765 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20406 – IBM Security Verify Information Queue information disclosure
https://notcve.org/view.php?id=CVE-2021-20406
IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196184. IBM Security Verify Information Queue versiones 1.0.6 y 1.0.7, utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. IBM X-Force ID: 198184 • https://exchange.xforce.ibmcloud.com/vulnerabilities/196184 https://www.ibm.com/support/pages/node/6414763 • CWE-326: Inadequate Encryption Strength CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20405
https://notcve.org/view.php?id=CVE-2021-20405
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized activities due to improper encoding of output. IBM X-Force ID: 196183. IBM Security Verify Information Queue versiones 1.0.6 y 1.0.7, podría permitir a un usuario llevar a cabo actividades no autorizadas debido a una codificación inapropiada de la salida. IBM X-Force ID: 196183 • https://exchange.xforce.ibmcloud.com/vulnerabilities/196183 https://www.ibm.com/support/pages/node/6414367 • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20404
https://notcve.org/view.php?id=CVE-2021-20404
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user on the network to cause a denial of service due to an invalid cookie value that could prevent future logins. IBM X-Force ID: 196078. IBM Security Verify Information Queue versiones 1.0.6 y 1.0.7, podría permitir a un usuario de la red causar una denegación de servicio debido a un valor de cookie no válido que podría impedir futuros inicios de sesión. IBM X-Force ID: 196078 • https://exchange.xforce.ibmcloud.com/vulnerabilities/196078 https://www.ibm.com/support/pages/node/6414363 •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20403
https://notcve.org/view.php?id=CVE-2021-20403
IBM Security Verify Information Queue 1.0.6 and 1.0.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Security Verify Information Queue versión 1.0.6 y 1.0.7, es vulnerable a un ataque cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que el sitio web confía • https://exchange.xforce.ibmcloud.com/vulnerabilities/196077 https://www.ibm.com/support/pages/node/6414365 • CWE-352: Cross-Site Request Forgery (CSRF) •